The s6-fillurandompool program

s6-fillurandompool blocks until the machine's
/dev/urandom entropy pool is filled up. Then it exits.

Interface

s6-fillurandompool

Rationale

For some reason, Linux has two separate entropy pools: one for
/dev/random and one for /dev/urandom.

Reading from /dev/random blocks when its entropy pool is
not full enough, so it will never return weak random data. (Reading
from /dev/random is overkill anyway, and you should not be doing it.)

However, reading from /dev/urandom (which you should be doing)
will not block, even though the entropy pool may not have been
initialized yet. That's the only insecure thing about it: at boot time,
/dev/urandom may return weak random data, until its entropy
pool has filled up.

s6-fillurandompool is meant to address this issue. Call it once
early on in your boot scripts, before you need any serious random data;
when it exits, the /dev/urandom pool has been properly initialized,
and it is now safe to read from /dev/urandom every time you need
random data, until the machine shuts down.

Notes

s6-fillurandompool will only work on a Linux kernel version
3.17 or later: that is when the getrandom() system call, which it
uses internally, was implemented.
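
The blocking behaviour described above can be reproduced directly with
getrandom(). The following C program is an added example, not the
s6-fillurandompool source; the function names urandom_pool_ready and
wait_for_urandom_pool are hypothetical, and it assumes a libc that exposes
getrandom() in <sys/random.h>.

```c
/* Added illustration; not the s6-fillurandompool source. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom() and GRND_NONBLOCK */

/* Non-blocking probe of the urandom pool (hypothetical helper).
 * Returns 1 if the pool is initialized, 0 if it is not yet, -1 on error.
 * errno == ENOSYS means the kernel has no getrandom() (older than 3.17). */
int urandom_pool_ready(void)
{
    unsigned char c;
    for (;;) {
        ssize_t r = getrandom(&c, 1, GRND_NONBLOCK);
        if (r == 1) return 1;
        if (r < 0 && errno == EAGAIN) return 0;   /* pool not initialized */
        if (r < 0 && errno == EINTR) continue;    /* interrupted, retry */
        return -1;
    }
}

/* Block until the urandom pool is initialized (hypothetical helper).
 * With flags == 0, getrandom() draws from the urandom source and blocks
 * only while that source has never been initialized.
 * Returns 0 on success, -1 on error. */
int wait_for_urandom_pool(void)
{
    unsigned char c;
    for (;;) {
        ssize_t r = getrandom(&c, 1, 0);
        if (r == 1) return 0;
        if (r < 0 && errno == EINTR) continue;    /* signal arrived, retry */
        return -1;
    }
}

int main(void)
{
    int ready = urandom_pool_ready();
    if (ready < 0) { perror("getrandom"); return 1; }
    if (!ready) fprintf(stderr, "urandom pool not initialized, waiting\n");
    if (wait_for_urandom_pool() < 0) { perror("getrandom"); return 1; }
    return 0;   /* from here on, /dev/urandom is safe to read */
}
```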